India Legal Compliance

Legal Compliance

Ensuring CarCall aligns with Information Technology Act and Digital Personal Data Protection Act (DPDP) 2023.

Last Updated: March 18, 2026

1. Applicable Laws

CarCall complies with:

  • Information Technology Act, 2000
  • IT Rules (Reasonable Security Practices)
  • Digital Personal Data Protection Act, 2023 (DPDP Act)
  • Applicable RBI/payment regulations (for wallet flows)

2. Consent-Based Data Processing

  • Users provide consent during login and usage via OTP verification.
  • OTP authentication acts as identity verification.
  • Data is collected only for defined purposes.

3. Data Minimization & Purpose Limitation

We collect only necessary data:

  • Phone number (primary identity)
  • Vehicle details
  • Emergency contacts
  • Financial transaction data (for commissions)

Data is used strictly for authentication, emergency communication, QR system functionality, and payments.

4. Data Protection Measures

Our system implements:

  • Phone number hashing for privacy
  • OTP-based secure authentication
  • Role-Based Access Control (RBAC)
  • Audit logs for complete traceability

These align with reasonable security practices under Indian IT law.

5. User Rights (DPDP Act)

Under the DPDP Act 2023, users have the right to:

  • Access their data
  • Correct inaccurate data
  • Request deletion (Right to be Forgotten)
  • Withdraw consent at any time

6. Data Retention & Policy

  • Data is retained only as long as necessary for service delivery.
  • Financial records may be retained for legal compliance as per RBI/Tax laws.
  • Data Breach Policy: In case of a breach, users will be notified promptly and authorities informed if required.

7. Grievance Officer (MANDATORY)

Contact for Grievances

Grievance Officer, CarCall

Email: info@carcall.in

Response Time: Within 15 days

Children's Data Policy

CarCall is not intended for users under 18. We do not intentionally collect or process data from children.